Commit 757dca2b authored by Douwe Maan's avatar Douwe Maan

Escape wildcards when searching LDAP by username.

parent e916f1c2
......@@ -20,6 +20,7 @@ v 7.9.0 (unreleased)
- Add brakeman (security scanner for Ruby on Rails)
- Slack username and channel options
- Add grouped milestones from all projects to dashboard.
- Escape wildcards when searching LDAP by username.
v 7.8.1
- Fix run of custom post receive hooks
......
......@@ -50,7 +50,7 @@ module Gitlab
end
def user_filter(login)
filter = Net::LDAP::Filter.eq(config.uid, login)
filter = Net::LDAP::Filter.equals(config.uid, login)
# Apply LDAP user filter if present
if config.user_filter.present?
......
......@@ -9,10 +9,12 @@ module Gitlab
attr_accessor :entry, :provider
def self.find_by_uid(uid, adapter)
uid = Net::LDAP::Filter.escape(uid)
adapter.user(adapter.config.uid, uid)
end
def self.find_by_dn(dn, adapter)
dn = Net::LDAP::Filter.escape(dn)
adapter.user('dn', dn)
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment